Unidentified hackers have successfully breached a critical intelligence website used by the CIA and other U.S. agencies to manage sensitive government contracts, according to the National Reconnaissance Office (NRO), the spy satellite service that operates the compromised platform. The cyberattack targeted the Acquisition Research Center (ARC) website, an unclassified portal that serves as the primary access point for private companies seeking to do business with America’s intelligence community. The extent of the breach remains under investigation by federal law enforcement, but intelligence sources indicate the hackers likely obtained information on key technologies crucial to CIA operations.
“We can confirm that an incident involving our unclassified Acquisition Research Center website is currently being investigated by federal law enforcement,” the spokesman stated. The ARC website serves as the intelligence community’s primary interface for market research, identifying business solutions, and communicating with industry partners.
The breach compromised proprietary intellectual property and personal information submitted by vendors supporting several innovative CIA spying programs, including the highly classified Digital Hammer initiative. Sources familiar with the investigation confirmed that data from Digital Hammer, one of the CIA’s most sensitive technology development programs, was among the information accessed by the hackers. Digital Hammer compiles cutting-edge technologies for human intelligence gathering, surveillance, and counterintelligence operations, with a particular focus on countering Chinese intelligence and information operations. The program develops sophisticated capabilities, including open-source intelligence platforms, miniaturized sensors, hidden surveillance tools, acoustic and communications systems, and artificial intelligence-powered data collection and analysis tools. According to CIA Deputy Director of Acquisition Management Lori Ann Duvall-Jones, Digital Hammer serves as a contracting vehicle that allows vendors to present innovative offerings “within a CIA space.” Other potentially compromised areas include Space Force surveillance satellite programs, space-based weapons development, and the Golden Dome missile defense program.
L.J. Eads, a former Air Force intelligence officer and founder of Data Abyss, assessed that the ARC breach was not opportunistic but rather a sophisticated state-sponsored operation. “Given the sensitivity and exclusivity of the Digital Hammer program, this compromise almost certainly points to a state-sponsored actor, likely China,” Eads told The Washington Times. “When proprietary innovations intended for CIA-backed programs are exfiltrated, it’s not just a vendor issue but a serious national security breach,” he emphasized. While officials maintain that no classified information appears to have been compromised, the theft of proprietary intellectual property from defense contractors poses significant national security risks.
The intelligence website compromise comes amid a broader pattern of Chinese state-sponsored cyberattacks targeting critical U.S. infrastructure. Microsoft revealed this week that Chinese hackers successfully penetrated the Department of Energy’s National Nuclear Security Administration (NNSA), the federal agency responsible for maintaining America’s nuclear weapons stockpile. Three Chinese threat groups (Linen Typhoon, Violet Typhoon, and Storm-2603) were identified as the primary actors behind the SharePoint attacks, which ultimately compromised over 400 organizations and government agencies worldwide.
During a security conference last summer, Scolese identified Russia and China as presenting distinct but equally serious challenges to U.S. space-based intelligence capabilities. “Russia is pushing into more disruptive capabilities of space,” Scolese warned, noting Moscow’s development of space-based nuclear anti-satellite weapons. However, he characterized China as presenting “a different threat” due to the country’s technological sophistication, economic strength, and comprehensive development of capabilities “across the spectrum of systems.” The NRO director emphasized that while the United States currently maintains “the strongest capability” and “the best ISR [intelligence, surveillance, and reconnaissance],” China is “coming on strong” and represents an additional threat to American space operations.
The targeting of both the intelligence contracting website and the Nuclear Security Administration suggests a coordinated campaign to access America’s most sensitive defense capabilities. As federal investigators continue their work, the dual breaches of critical intelligence infrastructure highlight the sophisticated and persistent nature of foreign cyber threats targeting America’s most sensitive defense and intelligence capabilities.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 28 Jul 2025 09:30:18 +0000